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REMARKS 

This response is intended as a full and complete response to the final 
Office Action mailed April 14, 2006. In the Office Action, the Examiner notes that 
claims 1-36 are pending and rejected. By this response, claims 1, 3, 8-10, 13, 
16, 18, 25, 33, and 35 are herein amended. 

In view of the foregoing amendments and the following discussion, 
Applicants submit that none of the claims now pending in the application are 
anticipated or obvious under the respective provisions of 35 U.S.C. §§102 and 
103. Therefore, Applicants believe that this application is now in condition for 
allowance. 

It is to be understood that Applicants, by amending the claims, do not 
acquiesce to the Examiner's characterizations of the art of record or to 
Applicants' subject matter recited in the pending claims. Further, Applicants are 
not acquiescing to the Examiner's statements as to the applicability of the art of 
record to the pending claims by filing the instant response with amendments. 

REJECTIONS 

35 U.S.C. §102 
Claim 18 

The Examiner has rejected claim 18 under 35 U.S.C. §1 02(e) as being 
anticipated by Bellinger (U.S. 2002/0169858, hereinafter "Bellinger"). Applicants 
respectfully traverse the rejection. 

In general, Bellinger teaches a method and device for broadband network 
service delivery. More specifically, Bellinger discloses that a central Service 
Creation Platform (SCP) is located at the service provider's premises. The SCP 
provides the service provider with a common platform from which a service 
provider administrator can create and deploy new services, manage services, 
and record and aggregate billing records. (Bellinger, Abstract). As taught in 
Bellinger, using the SCP, the service provider administrator can create service 
offerings and advertise the availability of the service offerings to individual 
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customers or groups of customers, which may then subscribe to one or more of 
the advertised services. 

Bellinger, however, fails to teach or suggest each and every element of 
Applicants' invention of at least claim 18, as arranged in the claim. Namely, 
Bellinger fails to teach or suggest at least the limitation of "an enhanced 
application portal (EAP), for providing a user interface to a VPN customer user, 
and receiving therefrom VPN administration commands adapted to configure a 
VPN," as taught in Applicants' invention of at least claim 18. Specifically, 
Applicants' invention of claim 18 recites: 

"A dynamic virtual private network (VPN) manager, comprising: 

an enhanced application portal (EAP). for providing a user 
interface to a VPN customer user, and receiving therefrom VPN 
administration commands adapted to configure a VPN : 

a policy server, for communicating configuration parameters to 
network elements providing said VPN, said network configuration 
parameters determined according to VPN administration commands and 
profiles associated with said VPN administration commands; and 

a directory server, for storing VPN topology and operational 
parameters and providing said VPN topology and operational parameters 
to said policy server and said EAP, said VPN topology and operational 
parameters adapted for being updated by said VPN customer user via 
said EAP ." 

(Emphasis added). 

Applicants' invention is directed toward remote, dynamic management of 
customer virtual private networks (VPNs). Applicants' invention enables a VPN 
customer user to remotely, dynamically manage a VPN of a VPN customer with 
which the VPN customer user is associated. Applicants' invention of claim 18 
includes an enhanced application portal (EAP) for providing a user interface to the 
VPN customer user, and for receiving VPN administration commands adapted to 
configure the VPN . Furthermore, Applicants' invention of claim 18 includes a 
policy server and a directory server, which facilitate remote management of the 
VPN by the VPN customer user using the EAP. 

By contrast, Bellinger merely teaches a system having a management 
system by which a service provider administrator , not a customer user , may 
define service offerings and advertise the defined service offerings to individual 
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customers or groups of customers. Bellinger is completely devoid of any teaching 
or suggestion of any VPN configuration capabilities whatsoever, much less 
providing a user interface by which a VPN customer user may provide VPN 
administration commands adapted to configure the VPN , as taught in Applicants' 
invention of at least claim 18. The teachings of Bellinger and, more specifically, 
the differences between the teachings of Bellinger and Applicants' invention, may 
be better understood with respect to at least the following portions of Bellinger: 



"[0052] An SDP may also provide a service portal, which delivers 
the customer experience and is normally in the form of a web page 
accessible to the customer. Service portals can be customized to 
address the needs of specific subscribers or groups of subscribers. 
Using the service portal , the customer can select services of 
interest . The selected services are then set up by the central 
controller, which exchanges messages with the service agent 24 at 
the customer's SDP. 

[0053] It will be instructive to consider how a service provider 
wishing to offer a new service to its customers would proceed in 
accordance with the invention .... 



[0054] Once the service drivers have been obtained, the necessary 
software modules are installed in the central controller 26. A new 
Service Definition is entered in the LDAP directory , which can be 
viewed bv the Service Provider Administrator on the central 
controller 26. At this point, the Service Definition can be associated 
with an SDP and used to create Service Offerings to customers or 
groups of customers . 

[0055] Using a Firewall Service as an example shows how a 
service provider makes a Security Offering available to corporate 
users . The service example might be called "Firewall Offering" and 
come in two variants, "Firewall High" and "Firewall Low". "Firewall 
High" is a restrictive offering that allows very little to pass through 
the firewall. "Firewall Low" is a more permissive offering, enabling 
the transmission of a variety of protocols through the firewall.... 

[0057] It will be appreciated that the policy information in the 
Service Definition is abstract, and can be applied equally well to 
firewalls from a wide variety of vendors. The service drivers 
mediate with vendor specific instruction sets. As a result the same 
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security definition can be used as the basis for offerings sold to 
subscribers who are served by a variety of network architectures, in 
sites that are served by different sizes, revision levels, or vendors 
of firewall technology. This is particularly valuable in an 
environment where thousands of users may require a policy 
change quickly in a very diverse environment . An example of this 
would be the requirement to update firewall policy in response to a 
hacker threat. 

[0058] Having installed the Service Definition in the LDAP directory 
of the central controller 26, the next step is to configure the (SDPs) 
20. The SDPs communicate with the central controller 26 using the 
service delivery agents. Prior to downloading the service driver, an 
administrator at the central controller first logs on to the SDP and 
defines its name and IP address . 

[0059] If desired, SDPs can be grouped in the controller. Grouping 
can be based on geographic location, customer site, etc. and the 
Service Provider has the flexibility to create as many group levels 
as desired . By creating SDP groups, actions can be performed to 
individual SDPs or to SDP groups, which in turn performs the action 
to all SDPs contained within the group-with a single click of the 
mouse.... 

[0064] A similar approach can be used to created service offerings . 
Such offerings might include billing policies, QoS etc. that are made 
available to customers through an existing portal. New service 
offerings are derived from either a service definition or another 
preexisting service offering. The new service offering inherits all the 
of the configuration and policy information from a particular service 
definition are it default value. The service provider is able through 
the user interface at the central controller 26 make any appropriate 
modifications or customizations to the new service offering's 
inherited configuration and policies .... 

[0066] The service offering applies specific values (or references to 
service specific values) of the policy attributes in the service 
definition. The service offering is a series of policy attributes that is 
stored in the LDAP directory for application to a large number of 
individual subscribers . The controller 26 provides a configuration 
form on its user interface, through which service provider 
administrators can make any modifications or customizations to the 
new Service Offering's inherited configuration and policies .... 

[0068] The central controller 26 also stores information about 
customers in its LDAP directory. The directory can be populated 
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with customer information either from the controller user interface 
by the Service Provider Administrator or from another system via 
the an API (Application Programming Interface) provided in the 
central controller. It will be appreciated that customers can be 
grouped in any number of levels as desired by the Service 
Provider, for example by region or industry. 

[0069] Any operation that is performed on an individual customer 
can also be performed on a customer grouped . When an operation 
is performed on a group, all of the customers within the group are 
affected. FIG. 7 shows the groupings of customers in the LDAP 
directory. 

[0070] Once Service Offerings have been configured and customer 
groups created, Service Providers can make Service Offerings 
available to customers using the controller interface. Service 
Offerings assigned to a customer are then displayed on the 
customer's service portal and available for subscription . The 
flexibility of this feature gives service providers the means to group 
customers based on common interests and deliver targeted 
services to those groups in a simple, scalable and economical 
manner. 

[0071] FIG. 9 shows how distinct Service Offerings can be created 
from the same Service Definition and provided to different 
customers. The customers 28 have their own portal interfaces , 
typically web pages, provided by local SDPs 20. The customers are 
presented with service options through their respective portals and 
can make reguests which are passed to the central controller 26 . 
This then creates instances of the various service offerings to be 
run on the SDPs. 

[0072] Service Activation is carried out in steps: Service 
Registration and Service Activation. Service Registration involves a 
user or business subscribing to a Service Offering (e.g. 
NetMeeting) . This transaction would typically include the customer 
selecting the level of service that they desire and paying a monthly 
subscription fee to make the service available for them to use. 

[0073] The action of a user logging on to the service portal and 
using a service (e.g. joining a NetMeeting) constitutes the Service 
Activation step . The central controller gives the Service Provider 
the flexibility to generate a billing event on one or both of these 
steps. 
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customer group , provided that a user has the permission to 
subscribe to a service, the service offering is advertised on the 
customer service portal . Upon registration, the central controller 
creates a registration policy document and stores it in the directory 
with the associated customer. A sample registration document is 
shown in FIG. 10. 

[0075] This Service Instance enables the Service Provider to 
modify the service delivered to an individual customer , without 
affecting other customer services. It also provides the ability to 
modify the parent service offering and have the changes 
propagated to all of the customers that have subscribed to the 
service." (Bellinger, Para. 52 - Para. 75, Emphasis added). 

From the cited portions of Bellinger, it is abundantly clear that Bellinger 
teaches a management system by which a service provider administrator may 
define service offerings , and advertise the defined service offerings, to a 
customer or group of customers. As specifically stated in Bellinger, Bellinger is 
directed toward "...giv[ing] service providers the means to group customers 
based on common interests and deliver targeted services to those groups in a 
simple, scalable and economical manner." (Bellinger, Para. 70, Emphasis 
added). A service management system which enables a service provider user to 
define and advertise a service offering , as taught in Bellinger, is simply not a 
VPN management system including an enhanced application portal which 
enables a VPN customer user to provide VPN administration commands adapted 
to configure the VPN , as taught in Applicants' invention of at least claim 18. 

Furthermore, although Bellinger teaches a service portal which may be 
accessed by customer users, the service portal taught in Bellinger merely 
provides a capability for the customer users to view the advertised service 
offerings from the service provider and subscribe to the advertised service 
offerings . In the Bellinger system, customers do not have any capability to define 
any parameters of the service offerings. Furthermore, since Bellinger is 
completely devoid of any teaching or suggestion of any VPN management 
capabilities, Bellinger simply cannot teach or suggest that the service portal may 
be used by a customer user to configure a VPN. As such, a service portal by 
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which a customer user may view a service offering and initiate a request to 
subscribe to a service offering , as taught in Bellinger, is simply not an enhanced 
application portal by which a VPN customer user may configure a VPN , as taught 
in Applicants' invention of at least claim 18. 

Moreover, since Bellinger fails to teach or suggest any VPN management 
or configuration capabilities, Bellinger must also fail to teach or suggest the 
limitations of "a policy server, for communicating configuration parameters to 
network elements providing said VPN , said network configuration parameters 
determined according to VPN administration commands and profiles associated 
with said VPN administration commands " and "a directory server, for storing VPN 
topology and operational parameters and providing said VPN topology and 
operational parameters to said policy server and said EAP, said VPN topology 
and operational parameters adapted for being updated by said VPN customer 
user via said EAP ." as taught in Applicants' invention of at least claim 18. As 
such, Bellinger fails to teach or suggest each and every element of Applicants' 
invention, as arranged in the claim. 

"Anticipation requires the presence in a single prior art reference 
disclosure of each and every element of the claimed invention , arranged as in the 
claim" ( Lindemann Maschinenfabrik GmbH v. American Hoist & Derrick Co. . 730 
F.2d 1452, 221 USPQ 481, 485 (Fed. Cir. 1984) (citing Connell v. Sears. 
Roebuck & Co. . 722 F.2d 1542, 220 USPQ 193 (Fed. Cir. 1983)) (emphasis 
added). Bellinger fails to disclose each and every element of the claimed 
invention, as arranged in the claim. 

As such, Applicants submit that independent claim 18 is not anticipated by 
Bellinger and is patentable under 35 U.S.C. §102(e). 

Therefore, Applicants respectfully request that the Examiner's rejection be 
withdrawn. 

35 U.S.C. §103 

Claims 1-2. 5-17. 19-20. 25-30, 33-36 

The Examiner has rejected claims 1-2, 5-17, 19-20, 25-30, and 33-36 
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under 35 U.S.C. §1 03(a) as being unpatentable over Bellinger in view of Roch 
(U.S. 2005/0088977, hereinafter "Roch"). Applicants respectfully traverse the 
rejection. 

For at least the reasons discussed hereinabove, Bellinger fails to teach or 
suggest Applicants' invention of claim 18. Namely, Bellinger fails to teach or 
suggest at least the limitation of "an enhanced application portal (EAP), for 
providing a user interface to a VPN customer user, and receiving therefrom VPN 
administration commands adapted to configure a VPN," as taught in Applicants' 
claim 18. Since Applicants' independent claim 1 includes the related limitation of 
"a dynamic virtual private network (VPN) manager, for providing customer 
network management and policy server functions including a user interface 
enabling remote management of a VPN by a VPN customer user ." and one or 
more parameters "being adapted in response to user commands provided to said 
dynamic VPN manager by said VPN customer user," Applicants submit that 
Bellinger fails to teach or suggest Applicants' invention of claim 1 . Furthermore, 
Roch fails to bridge the substantial gap as between Bellinger and Applicants' 
invention. 

In general, Roch teaches dynamic treatment of quality of service (QOS) 
associated with traffic transported within a secure Virtual Private Network (VPN) 
tunnel. In particular, Roch teaches attaching a QOS marker to data traffic at an 
ingress end of a VPN tunnel, and propagation of QOS information through the 
VPN tunnel to a VPN gateway at the egress side of the VPN tunnel. The QOS 
information propagated to the VPN gateway at the egress side of the VPN tunnel 
is then used for egress processing of the tunnel traffic. 

In other words, Roch merely teaches management of QOS treatment of 
data traffic within a secure VPN tunnel . Roch fails to teach or suggest a 
management system for providing customer network management and policy 
server functions, where the management system includes a user interface 
enabling remote management of a VPN by a VPN customer user , as taught in 
Applicants' invention of at least claim 1 . The insertion of a QOS marker at an 
ingress side of a VPN tunnel for use in processing at the egress side of the VPN 
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tunnel, as taught in Roch, is simply not management of network management 
and policy server functions of a VPN, as taught in Applicants' invention of at least 
claim 1. 

Furthermore, Applicants respectfully submit that a system according to the 
combination of Bellinger and Roch would merely teach a network including one 
management system by which a service provider administrator creates and 
advertises services to customers, and another management system by which a 
customer may manage QOS treatment of individual VPN tunnels . By contrast, 
Applicants' invention discloses a dynamic VPN manager having a user interface 
which enables remote management of a VPN bv the VPN customer user where 
the VPN has at least one of a defined QOS parameter, a defined security 
parameter, and a corresponding billing rate . As such, Bellinger and Roch, alone 
or in combination, fail to teach or suggest Applicants' invention of at least claim 1 , 
as a whole. 

As such, Applicants submit that independent claim 1 is not obvious and 
fully satisfies the requirements of 35 U.S.C. §103 and is patentable thereunder. 
Furthermore, independent claims 18, 25, and 35 include limitations similar to the 
limitations of claim 1 . As such, for at least the same reasons as discussed with 
respect to independent claim 1 , claims 18, 25, and 35 are also not obvious and 
fully satisfy the requirements of 35 U.S.C. §103 and are patentable thereunder. 

As such, Applicants submit that independent claims 1,18, 25, and 35 are 
not obvious and fully satisfy the requirements of 35 U.S.C. §103 and are 
patentable thereunder. Furthermore, claims 2, 5-17, 19-20, 26-30, 33-34 and 36 
depend directly or indirectly from independent claims 1,18, 25, and 35 and recite 
additional limitations thereof. Accordingly, for at least the same reasons as 
discussed above, Applicants submit that these dependent claims are also non- 
obvious and fully satisfy the requirements of 35 U.S.C. §103 and are patentable 
thereunder. 

Therefore, Applicants respectfully request that the Examiner's rejection be 
withdrawn. 
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Claims 3-4 

The Examiner has rejected claims 3-4 under 35 U.S.C. §1 03(a) as being 
unpatentable over Bellinger and Roch as applied to claim 1 , and further in view of 
Field (U.S. Patent 6,778,529, hereinafter "Field"). Applicants respectfully 
traverse the rejection. 

Claims 3-4 depend, either directly or indirectly, from independent claim 1. 
For at least the reasons discussed hereinabove, Bellinger and Roch, alone or in 
combination, fail to teach or suggest Applicants' invention of at least claim 1 , as a 
whole. Furthermore, Field fails to bridge the substantial gap as between Bellinger 
and Roch and Applicants' invention. 

In general, Field teaches a synchronous switch having a switch interface, 
a switch controller, and a switch memory. As taught in Field, the switch interface 
is operable to terminate a bus, the switch controller is operable to determine a 
type of each received traffic cell, and the switch memory is operable to receive 
the traffic cell from the switch interface to store the traffic cell at a memory 
address. (Field, Abstract). 

Field, however, fails to teach or suggest any of the limitations of 
Applicants' invention of at least claim 1 . In fact, Field is completely devoid of any 
teaching or suggestion of any VPN capabilities whatsoever, much less IP 
services aggregation switches, a dynamic virtual private network (VPN) manager, 
or any other limitations of Applicants' invention of at least claim 1 . As such, 
Bellinger, Roch, and Field, alone or in any combination, fail to teach or suggest 
Applicants' invention, as a whole. 

As such, Applicants submit that Bellinger, Roch, and Field, alone or in 
combination, fail to teach or suggest Applicants' invention of claim 1. 
Furthermore, claims 3-4 depend directly from independent claim 1 and recite 
additional limitations thereof. Therefore, for at least the same reasons as 
discussed above with respect to the Examiner's rejection of independent claim 1 , 
dependent claims 3-4 are non-obvious and patentable over Bellinger, Roch, and 
Field under 35 U.S.C. §1 03(a). 
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Therefore, Applicants respectfully request that the Examiner's rejection be 
withdrawn. 

Claims 21-24. 31-32 

The Examiner has rejected claims 21-24 and 31-32 under 35 U.S.C. 
§1 03(a) as being unpatentable over Bellinger in view of Forslow (U.S. 
2005/0088977, hereinafter "Forslow"). Applicants respectfully traverse the 
rejection. 

Claims 21-24 and 31-32 depend, either directly or indirectly, from 
independent claim 18. For at least the reasons discussed hereinabove, Bellinger 
fails to teach or suggest Applicants' invention of at least claim 18, as a whole. 
Furthermore, Forslow fails to bridge the substantial gap as between Bellinger and 
Applicants' invention. 

In general, Forslow teaches a network-based mobile workgroup system. 
As taught in Forslow, the network-based mobile workgroup system enables a 
mobile user to select server resources. (Forslow, Abstract). In particular, as 
taught in Forslow, the network-based mobile workgroup system provides secure 
data access to mobile clients. Furthermore, users within a mobile VPN may 
communicate using intra-domain, inter-domain, or remote-access routing. 
(Forslow, Pg. 4, Para. 0065, 0067). 

Forslow, however, fails to teach or suggest Applicants' invention of at least 
claims 18, as a whole. Forslow is devoid of any teaching or suggestion of an 
enhanced application portal (EAP), for providing a user interface to a VPN 
customer user, and receiving therefrom VPN administration commands adapted 
to configure a VPN," as taught in Applicants' invention of at least claim 18. 
Moreover, Forslow fails to teach or suggest any of the limitations of Applicants' 
invention of at least claim 18. Namely, Forslow is completely devoid of any 
teaching or suggestion of an enhanced application portal (EAP), a policy server, 
or a directory server, as taught in Applicants' invention of at least claim 1 8. As 
such, Bellinger and Forslow, alone or in any combination, fail to teach or suggest 
Applicants' invention, as a whole. 
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As such, Applicants submit that independent claim 18 is not obvious and 
fully satisfies the requirements of 35 U.S.C. §103 and is patentable thereunder. 
Furthermore, claims 21-24 and 31-32 depend, directly or indirectly, from 
independent claim 18 and recite additional limitations thereof. Accordingly, at 
least for the same reasons as discussed above, Applicants submit that these 
dependent claims are also non-obvious and fully satisfy the requirements of 35 
U.S.C. §103 and are patentable thereunder. 

Therefore, Applicants respectfully request that the Examiner's rejection be 
withdrawn. 

SECONDARY REFERENCES 

The secondary references made of record are noted. However, it is 
believed that the secondary references are no more pertinent to Applicants' 
disclosure than the primary references cited in the Office Action. Therefore, 
Applicants believe that a detailed discussion of the secondary references is not 
necessary for a full and complete response to this Office Action. 
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CONCLUSION 



Thus, Applicants submit that all of the claims presently in the application, 
are patentable under the provisions of 35 U.S.C. §§102 and 103. Accordingly, 
both reconsideration of this application and its swift passage to issue are 
earnestly solicited. 

If, however, the Examiner believes that there are any unresolved issues 
requiring adverse final action in any of the claims now pending in the application, 
it is requested that the Examiner telephone Michael Bentlev at (732) 383-1434 or 
Eamon J. Wall, Esq. at (732) 530-9404 so that appropriate arrangements can be 
made for resolving such issues as expeditiously as possible. 



Respectfully submitted, 





Eamon J. Wall, Attorney 
Reg. No. 39,414 
(732) 530-9404 



Patterson & Sheridan, LLP 
595 Shrewsbury Avenue 
Suite 100 

Shrewsbury, New Jersey 07702 
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